The default configuration in Elasticsearch prior to 1.2 enables dynamic scripting, which allows remote malicious users to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.
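
As an added example (not from the advisory or from Elasticsearch), the following Python flags access-log lines where a _search request carries script text in its source query parameter, the request shape named in the description above. The script and script_fields key names, the common-log-format layout, the _line helper and the sample lines are assumptions constructed for illustration.

```python
import json
from urllib.parse import parse_qs, quote, urlsplit
SCRIPT_KEYS = {"script", "script_fields"}  # assumed ES 1.x keys that carry script text

def find_script_keys(node, path=""):
    """Yield the dotted path of every script-bearing key in a decoded JSON body."""
    children = node.items() if isinstance(node, dict) else (
        enumerate(node) if isinstance(node, list) else ())
    for key, value in children:
        here = f"{path}.{key}" if path else str(key)
        if key in SCRIPT_KEYS:
            yield here
        yield from find_script_keys(value, here)

def inspect_target(target):
    """Return findings for one request target (path plus query string)."""
    parts = urlsplit(target)
    if parts.path.rstrip("/").rsplit("/", 1)[-1] != "_search":
        return []
    findings = []
    for raw in parse_qs(parts.query).get("source", []):
        try:
            findings.extend(find_script_keys(json.loads(raw)))
        except (ValueError, RecursionError):
            findings.append("unparseable source parameter")
    return findings

def scan(lines):
    """Return (client, findings) for each access-log line that needs review."""
    alerts = []
    for line in lines:
        fields = line.split('"')
        request = fields[1].split(" ") if len(fields) > 2 else []
        findings = inspect_target(request[1]) if len(request) > 1 else []
        if findings:
            alerts.append((line.split(" ", 1)[0], findings))
    return alerts

def _line(ip, path, body=None):  # hypothetical helper: builds one constructed log line
    query = "?source=" + quote(json.dumps(body)) if body is not None else ""
    return f'{ip} - - [01/Jan/2019:10:00:00 +0000] "GET {path}{query} HTTP/1.1" 200 512'

SAMPLE_LOG = [  # constructed sample input, not real traffic; the script is plain arithmetic
    _line("10.0.0.5", "/logs/_search"),
    _line("10.0.0.7", "/_search", {"query": {"match_all": {}}}),
    _line("10.0.0.9", "/logs/_search", {"size": 1, "script_fields": {"x": {"script": "1+1"}}}),
]

print(scan(SAMPLE_LOG))
```

Scripts sent in a request body do not appear in access logs, so this check covers only the query-string form.
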
Vulnerable Product |
---|
elasticsearch elasticsearch |
Yes it's years out of date but there's no such thing as security through obscurity
Cisco's security limb has spotted nefarious people targeting Elasticsearch clusters using relatively ancient vulns to plant malware, cryptocurrency miners and worse – though it does root out some other cybercrims’ dodgy wares, cuckoo-style. "These attackers are targeting clusters using versions 1.4.2 and lower," said the networking giant's infosec arm, Talos, in a post summarising what its honeypot setup had caught for examination. The seemingly China-based attackers used two known vulnerabi...